Quick Links

Online Safety Tips

Ways to Avoid Becoming a Victim of Phishing Scams and Identity Theft

As more people become Internet savvy, even more illegitimate companies are ready to scam Internet users out of personal information such as their Social Security number, credit card numbers and credit union or bank account numbers.

Most businesses on the Web are, in fact, legitimate. Simply use common sense when using the Internet. If a product or service seems too good to be true, it probably is. And if you have a gut feeling that something isn't legitimate, you're probably right.

"Phishing," a type of scam on the Internet, can be defined as the act of sending an email to someone, falsely claiming to be a legitimate company in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a Web site, usually by having them click on a link, and they are asked to update personal information, such as passwords, credit card numbers, Social Security number, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and was set up only to steal the user's information.

The following is a list of recommendations to help avoid becoming a victim of phishing scams and identity theft.

Be suspicious of any email with urgent requests for personal financial information unless the email is digitally signed (you can't be sure it wasn't forged or 'spoofed'). Phishers typically: (1) include upsetting or exciting (but false) statements in their emails to get people to react immediately; (2) ask for confidential information such as usernames, passwords, credit card numbers, Social Security numbers, account numbers, etc.; and (3) do not personalize the email message (while valid messages from your credit union should be).

Don't use the links in an email to get any Web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the Web site directly by typing in the known Web address on your browser.

Avoid filling out forms in email messages that ask for personal financial information. You should only communicate information such as credit card numbers or account information via a secure website or the telephone.

Always ensure that you're using a Web site when submitting credit card or other sensitive information via your Web browser. To make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar it should be https:// rather than just http://.

Consider installing a Web browser tool bar to help protect you from known phishing fraud Web sites.

Regularly logon into your online accounts and don't wait for as long as a month before you check each account.

Always report "phishing" or "spoofed" emails to the following groups:

Forward the email to the "abuse" email address at the company that is being spoofed;

When forwarding spoofed messages, always include the entire original email with its original header information intact; and

Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their Web site: www.ic3.gov.

What To Do If You've Given Out Your Personal Financial Information

Phishing attacks are growing quite sophisticated and difficult to detect, even for the most technically savvy people. And many people are getting onto the Internet and using email or Web browsers for the first time. As a result, some people are going to continue to be fooled into giving up their personal financial information in response to a phishing email or on a phishing Web site. If you have been tricked this way, you should assume that you will become a victim of credit card fraud, financial institution fraud, or identity theft. Below is some advice on what to do if you are in this situation:

Report the theft of this information to the credit issuer as quickly as possible:

Many companies have toll-free numbers and 24-hour service to deal with such emergencies.

Cancel your account and open a new one.

Review your billing statements carefully after the loss:

If they show any unauthorized charges, it's best to send a letter to the card issuer describing each questionable charge.

Credit Card Loss or Fraudulent Charges (FCBA):

Your maximum liability under federal law for unauthorized use of your credit card is $50.

If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use.

ATM or Debit Card Loss or Fraudulent Transfers (EFTA):

Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss.

You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your financial statement containing your unauthorized use is mailed to you.

Report the theft of this information to the credit union or bank as quickly as possible.

Some phishing attacks use viruses and/or Trojans to install programs called "key loggers" on your computer.

These programs capture and send out any information that you type to the phisher, including credit card numbers, usernames, passwords, Social Security numbers, etc. In this case, you should:

Install and/or update anti-virus and personal firewall software.

Update all virus definitions and run a full scan.

Confirm every connection your firewall allows.

If your system appears to have been compromised, fit it and then change your password again, since you may well have transmitted the new one to the hacker.

Check your other accounts! The hackers may have helped themselves to many different accounts: eBay account, PayPal, your email ISP, online bank accounts, online trading accounts, e-commerce accounts, and everything else for which you use online passwords.

Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.

If you have given out this kind of information to a phisher, you should do the following:

Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:

Request that they place a fraud alert and a victim's statement in your file.

Request a FREE copy of your credit report to check whether any accounts were opened without your consent. You can find information about obtaining free credit reports on the Federal Trade Commission's Web site at: www.ftc.gov/freereports.

Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.

The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigations (FBI) and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet.

For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.

Document the names and phone numbers of everyone you speak to regarding the incident. Follow-up your phone calls with letters. Keep copies of all correspondence.